github.com/kubernetes/kubernetes is vulnerable to arbitrary file write. The kubectl cp command does not safely process symlinks during unpacking, which would allow an attacker to unpack files outside of the destination directory.
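
One way to vet tar entries before unpacking them, as an added example that is not code from Kubernetes or from the referenced fix. The names CheckHeaders, inside and sample and the path /tmp/dest are assumptions made for illustration; the check is purely lexical and assumes the destination directory contains no symlinks before extraction starts.

```go
package main

import (
	"archive/tar"
	"fmt"
	"path/filepath"
	"strings"
)

// inside reports whether p is dest or lies beneath it (lexical check only).
func inside(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// CheckHeaders (hypothetical helper) returns an error for the first entry that
// would land outside dest, directly or through a symlink an earlier entry made.
func CheckHeaders(dest string, hs []*tar.Header) error {
	dest = filepath.Clean(dest)
	links := map[string]bool{} // symlink paths declared so far
	for _, h := range hs {
		p := filepath.Join(dest, h.Name)
		if !inside(dest, p) {
			return fmt.Errorf("%q escapes %s", h.Name, dest)
		}
		for d := p; d != dest; d = filepath.Dir(d) {
			if links[d] { // a path component is an archive-supplied symlink
				return fmt.Errorf("%q passes through symlink %s", h.Name, d)
			}
		}
		if h.Typeflag == tar.TypeSymlink {
			t := filepath.Join(filepath.Dir(p), h.Linkname)
			if filepath.IsAbs(h.Linkname) || !inside(dest, t) {
				return fmt.Errorf("symlink %q -> %q escapes %s", h.Name, h.Linkname, dest)
			}
			links[p] = true
		}
	}
	return nil
}

// Constructed sample headers: the second entry is a symlink that leaves dest.
var sample = []*tar.Header{
	{Name: "app/config.yaml", Typeflag: tar.TypeReg},
	{Name: "app/logs", Typeflag: tar.TypeSymlink, Linkname: "../../outside"},
}

func main() {
	fmt.Println(CheckHeaders("/tmp/dest", sample))
}
```

An extractor would run the same check on each header as it is read from the stream and stop at the first error, before anything is written to disk.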
bugzilla.suse.com/show_bug.cgi?id=1151300
github.com/kubernetes/kubernetes/commit/541da77d96a91734c2c068a09c6509d519898837
github.com/kubernetes/kubernetes/issues/87773
github.com/kubernetes/kubernetes/pull/82143
github.com/kubernetes/kubernetes/pull/82384
github.com/kubernetes/kubernetes/pull/82502
github.com/kubernetes/kubernetes/pull/82503
groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ